njrat | d16ff40c993f356fb92940a67a7e8dbc047477171721850bd02b2fcd03bc272d | Triage

Sharing

General

Target

d16ff40c993f356fb92940a67a7e8dbc047477171721850bd02b2fcd03bc272d
Size

16KB
Sample

240419-vagdtaae31
MD5

6a120c58ac934afe611236a8d062cc0c
SHA1

e0a9d77524d2310f9598df98973c7ff1cc20ca4e
SHA256

d16ff40c993f356fb92940a67a7e8dbc047477171721850bd02b2fcd03bc272d
SHA512

f47bdc16b4c5b2c41d39955bbac6af8ecab7d70f76a76adc048039ffd54a8f00a11bea5946085a0ff8c06a3c0034de2390a504d89ce521cb85767c3ea174f937
SSDEEP

384:jzU2qoHEhBh+PaOfNNPLvEmsqeM1Vzs23G8ihriBwPunIPL/hoLSv:jg2qCE75ObPQ9QVzb28miBwEIPL/h9

Score

10^/10

njrat hacked evasion

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

7.tcp.eu.ngrok.io:15966

Mutex

6e73430ec30ccb425726caf9fe81f553

Attributes

reg_key
6e73430ec30ccb425726caf9fe81f553
splitter
|'|'|

Targets

- Target
  
  c7b4072d1237617b13a7613c46e5a4b63bd8e09b7c9eba9409133fdd0aee7b10.exe
- Size
  
  37KB
- MD5
  
  a028bef15a742cfe213b5ad5e4630858
- SHA1
  
  ca8340a2f0fcad2bf868935bf78cc2f36993bca2
- SHA256
  
  c7b4072d1237617b13a7613c46e5a4b63bd8e09b7c9eba9409133fdd0aee7b10
- SHA512
  
  f6f80c523209f223c4486ef9d7bc5e62dd5a3c07a533578387909a2ae9623b2c01e537f6d675f608a047d7aa706723e9924f5c1edb26c2c1f4e5d7a128c6b472
- SSDEEP
  
  384:rmZ+vEiTbZvpWNcZ0y8f1CRDX5CLk6SiUrAF+rMRTyN/0L+EcoinblneHQM3epzs:K+dTZ38f1CRDcNSHrM+rMRa8Nup2vtt
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2